Hi Guys,

I would like to get a list of recently installed security packages along with their descriptions and issue they resolve.
Is this possible over using Yast? If yes, please guide me.

Thank you,

Getting a list of all recent RPM installs can be done as follows:

rpm -qa --last

Else, check the logs under /var/log for what the system has been doing.

–
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…

Okay, that was easy.
Is there is a way I could get the descriptions of what each rpm was for?

Thank you,

/var/log/zypp/history might be best place to look for recently installed updates e.g.

[CODE]me@mine:~> tail /var/log/zypp/history

Updating etc/sysconfig/net-snmp…

2014-09-10 09:28:19|install|net-snmp|5.4.2.1-8.12.22.1|x86_64||SLED11SP3-Updates_testing|70edf85254227742bcb50b76801715f81ebb9d16|
2014-09-10 09:28:19|install|libsoftokn3-32bit|3.16.4-0.8.1|x86_64||SLED11SP3-Updates_testing|92a0af16900f3a35f9cb5abf3c1da451555f1945|
2014-09-10 09:28:25|install|MozillaFirefox|24.8.0esr-0.8.1|x86_64||SLED11SP3-Updates_testing|e82a4fc2d170344d5120eba976f967087883cc4e|
2014-09-10 09:28:39|install|MozillaFirefox-translations|24.8.0esr-0.8.1|x86_64||SLED11SP3-Updates_testing|1928400a1ec43f8faa5369bafde55f7ca2989e37|
2014-09-10 09:28:40|install|mozilla-nspr-devel|4.10.7-0.3.1|x86_64||SLE11-SDK-SP3-Updates_testing|ae3c03c8bb63aacefd7e866c8d0496f77380501d|
2014-09-10 09:28:40|install|net-snmp-devel|5.4.2.1-8.12.22.1|x86_64||SLE11-SDK-SP3-Updates_testing|b2d41bb042ae2222044bc382094c3e9ab88e8fe8|
2014-09-10 09:28:40|install|mozilla-nss-devel|3.16.4-0.8.1|x86_64||SLE11-SDK-SP3-Updates_testing|0a30823bf6468f78b13cd58ae19e5f96b43d50c0|
2014-09-11 09:27:58|install|microcode_ctl|1.17-102.74.1|x86_64||SLED11SP3-Updates_testing|09e44470de52d559caa490c444a105058ce9860f|
me@mine:~>
[/CODE]

[QUOTE=ddgaikwad;23562]Okay, that was easy.
Is there is a way I could get the descriptions of what each rpm was for?
[/QUOTE]

Depends what you mean by ‘for’. Do you mean, what is the rpm itself is for, or what the update was for?

This will get you a file called installed_in_last_month.txt which contains all the packages installed* in the last month along with a description of each package.

$ export f=/var/log/zypp/history; tail -n +$(grep -m 1 -n "^$(date -d "1 month ago" +%Y-%m-%d)" ${f} | cut -d : -f 1) ${f} | grep -v ^# | grep '|install|' | while read line;do d=$(rpm -q --queryformat="%{description}\ " $(echo $line| cut -d '|' -f3));echo -e "***********************************\ \ ${line}\ \ ${d}";done > installed_in_last_month.txt
Quite possibly there’s a cleaner and/or easier way to do it

This gets you every package that was installed. Not all security patches, not all packages which were updated, just all packages which were installed. There is no differentiation between a package that was installed as an update to an existing package and a new package being installed. zypper’s history file doesn’t seem to differentiate between installing a new package and updating a package.

This attempts to get just updates by also doing a case insensitive grep of /var/log/zypp/history for ‘updates’.

$ export f=/var/log/zypp/history; tail -n +$(grep -m 1 -n "^$(date -d "1 month ago" +%Y-%m-%d)" ${f} | cut -d : -f 1) ${f} | grep -v ^# | grep '|install|' | grep -i updates | while read line;do d=$(rpm -q --queryformat="%{description}\ " $(echo $line| cut -d '|' -f3));echo -e "***********************************\ \ ${line}\ \ ${d}";done > updates_in_last_month.txt
It (probably) works assuming that the name(s) of the repo(s) from which updates are installed contains the case insensitive match of the string ‘updates’ and you didn’t install any new packages with a name containing a case insensitive match of the string ‘updates’ . And possibly other conditions I haven’t thought of

You can get change log information a given package with

$ rpm -q --changelog packagename

Change logs can be long!

me@mine:~> rpm -q --changelog MozillaFirefox | wc 1642 7705 63987 me@mine:~>

Hi
Further to the other comments, the zypper command will also provide
some info as well…

zypper se -i -t patch

From that list you could query each one for info via;

zypper if -t patch <some_patch>
eg;
zypper if -t patch  slessp3-tomcat6-201407
Loading repository data...
Reading installed packages...


Information for patch slessp3-tomcat6-201407:

Name: slessp3-tomcat6-201407
Version: 9487
Arch: noarch
Vendor: maint-coord@suse.de
Status: Installed
Category: security
Created On: Sun 06 Jul 2014 04:40:18 AM CDT
Reboot Required: No
Package Manager Restart Required: No
Interactive: No
Summary: Security update for tomcat6
Description: 

Tomcat has been updated to version 6.0.41, which brings security and
bug 
fixes.

The following security fixes have been fixed:

* CVE-2014-0096: A XXE vulnerability via user supplied XSLTs.
* CVE-2014-0099: Request smuggling via malicious content length
header.
* CVE-2014-0119: A XML parser hijack by malicious web application.

Bugs fixed:

* Socket bind fails on tomcat startup when using apr (IPV6)
(bnc#881700)
* classpath for org/apache/juli/logging/LogFactory (bnc#844689)

Security Issues:

* CVE-2013-4322
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322>
* CVE-2012-3544
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544>
* CVE-2014-0099
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099>
* CVE-2014-0096
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096>
* CVE-2014-0119
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119>


Provides:
patch:slessp3-tomcat6-201407 == 9487

Conflicts:
libtcnative-1-0.x86_64 < 1.3.3-12.2.1
tomcat6.noarch < 6.0.41-0.43.1
tomcat6-admin-webapps.noarch < 6.0.41-0.43.1
tomcat6-docs-webapp.noarch < 6.0.41-0.43.1
tomcat6-javadoc.noarch < 6.0.41-0.43.1
tomcat6-jsp-2_1-api.noarch < 6.0.41-0.43.1
tomcat6-lib.noarch < 6.0.41-0.43.1
tomcat6-servlet-2_5-api.noarch < 6.0.41-0.43.1
tomcat6-webapps.noarch < 6.0.41-0.43.1

–
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.1 Kernel 3.11.10-21-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

Hi ddgaikwad,

[QUOTE=ddgaikwad;23558]Hi Guys,

I would like to get a list of recently installed security packages along with their descriptions and issue they resolve.
Is this possible over using Yast? If yes, please guide me.

Thank you,[/QUOTE]

while this is via CLI, rather than YaST, I’d approach this the following way:

for i in $(zypper se -t patch -i|awk '{print $3}'|egrep -ve  "^data|^packages|^Name|^$") ; do zypper info -t patch $i|egrep -e  "^Category: security" > /dev/null && echo $i ;done

will give you a list of all installed security patches. Using "zypper info -t patch ", you can see the details of each package, the description will usually list the security issues that were fixed and the “Conflicts” section reports which RPMs (and their version) will be replaced when applying the patch.

The complex and slow way to accomplish what you asked for is to

• query the list of “recently installed RPMs” (see ab’s reply on this)

• query the details of all installed security patches

• cross-link the two (find all patches whose Conflicts section mentions one of the found RPM versions)

• list the patch information of the so identified patches

If anyone has a quicker way of doing this, please make yourself known

Regards,
Jens